Phishing Attack Exploits Taxpayers’ Desire to be Compensated

According to security company McAfee, a new phishing attack is targeting victims of HMRC (Her Majesty's Revenue and Customs) data breach with a bogus offer of an income tax refund. McAfee said that phishers are luring innocent people through an opportunity to avail a tax rebate of £215 from the government.

The trick takes advantage of the missing computer discs from HMRC that contained confidential details on 25 Million recipients of child benefit, including addresses, child records, NI numbers, and building society and bank details.

McAfee says that the strikes were targeted on UK e-mail addresses. Meanwhile, similar financial incentive of tax refunds due to loss of data and the Internal Revenue Service (IRS) service in the US have been used as lure to carry out attacks in the US.

With regard to the HMRC phishing attack, possible marks were asked for submission of confidential records to a Germany-based server, which has been withdrawn from the Web.

According to McAfee Security Expert, Toralv Dirro, it seems that it was one harmless Web page that had been hacked into, indicating a rather unusual situation. Dirro also added that this attack is not the sole one and there are many more imitations that will become visible during the next two weeks, as reported by ITPRO on February 22, 2008.

Remarking on the methodology used to carry out the phishing attack, Security Analyst Greg Day, McAfee, said that the particular attack echoes the old time get-rich-quick scams, taking advantage of taxpayers' desire to receive compensation from the government for losing their records. But Day added that people should understand that nothing comes free, so there is really nothing like 'free money', as reported by The Register on February 22, 2008.

McAfee, therefore, advises Internet users to look out for further such attacks. Meanwhile, the attack comes just after two months of December 2007 and January 2008 when Alistair Darling, Chancellor of UK, announced the missing data. So it can be argued that the perpetrators are rather slow to take off, as reported by The Register reported on February 22, 2008.